This commit is about documenting some weird new behavior.

Since Chormium 72 our webChannelWithBadString fails. This is
fascinating issue and can be tracked down to commit in Chromium
https://chromium-review.googlesource.com/c/1282993


which "fixes" well-forming of JSON.strigify. This function
is used by webchannel.js to send data through webchannel
transport. In c++ land we get now for invalid utf16 replacement
in form of '\\u' + i.toString(16).padStart(4, '0').
This sadly does not trigger any longer REPLACE_INVALID_UTF8 in
WebChannelTransport::NativeQtSendMessage. Moreover
this goes even "worse" since QMetaObjectPublisher
will create invalid utf16 form raw "\ud800" string -> '\ud800'.

This is not an error per se, since test creates invalid utf16
character in javascript  and it ends as invalid utf8 character in c++.

Btw enable test on qemu.

Change-Id: I36f2df417d7b9f3f2113792f08025821737d8d01
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>

Fixes regression, introduced by the fix for QTBUG-66011, where setting
JavascriptEnabled to false stops all scripts from running instead of only
MainWorld scripts (as documented). Only the DocumentCreation injection point is
affected.

The original change which introduced the regression consisted of moving the
DocumentCreation injection point from

    ContentRendererClient::RunScriptsAtDocumentStart

to

    RenderFrameObserver::DidClearWindowObject.

The problem of scripts not working on view-source URLs was fixed by this move,
but it turns out that the call to DidClearWindowObject happens to be conditional
on Document::CanExecuteScripts and this is, of course, false if JS is disabled.
Hence the regression.

This new patch moves the injection point again to a task launched from

    RenderFrameObserver::DidCommitProvisionalLoad.

DidCommitProvisionalLoad and DidClearWindowObject are both indirectly called
from DocumentLoader::InstallNewDocument, however the former is called before the
Document is opened and is therefore too early for script execution. As such, the
execution is delayed by posting a task which, in theory, should be scheduled
very soon after the normal call to DidClearWindowObject.

Fixes: QTBUG-74304
Change-Id: Iac8714bcc5651c287b73181811af26996d955af5
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

Change-Id: Ic355257066c7c1433862cb41e6f2bfa831147e0d
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>

Add a test that we can have larger world ids.

Change-Id: Ibc8a0eb5e6f56aa41183adb3726b2c3141197c84
Reviewed-by: Michael Brüning <michael.bruning@qt.io>

warning: ‘QWebEngineScript webChannelScript()’ defined
but not used [-Wunused-function]

Change-Id: If7d5def2c539c3b2d448452fa154c1574778b17d
Reviewed-by: Kai Koehne <kai.koehne@qt.io>

Add webengine-webchannel feature.

Change-Id: I600572180f8169aafe79cf0408527cc087d9a007
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>

Use qwebchannel.js shipped with qtwebchannel.

Change-Id: Iceead5131d22a6988bbb4e7a3cca1e9f21908e3e
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
Reviewed-by: Michael Brüning <michael.bruning@qt.io>

Turns out JavaScript's JSON.stringify is not guaranteed to produce valid UTF-16
strings. It is possible in JavaScript to produce string objects which contain
invalid code units (unmatched surrogate pairs) and JSON.stringify will simply
copy this data to it's output. However, such a string cannot be losslessly
converted to UTF-8 and this leads to fun errors in WebChannelIPCTransport.

This patch

  - Adds a test for the scenario above.

  - Changes WebChannelIPCTransport to replace these invalid code units with the
    Unicode replacement character U+FFFD.

  - Changes WebChannelIPCTransportHost to validate the data it gets from the
    renderer. Not validating the data defeats the whole point of Chromium's
    fancy multi-process architecture: the renderer is not to be trusted.

  - Changes WebChannelIPCTransport to throw JavaScript exceptions for various
    errors (missing argument, wrong type, invalid JSON). Seems like the polite
    thing to do.

Task-number: QTBUG-61969
Change-Id: I83275a0eaed77109dc458b80e27217108dde9f7b
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

Avoid hitting undefined reference to
'bool TestNamespace::QTest::qCompare<unsigned long, unsigned int>...'

Change-Id: I91588869708899e1055619ca9ba46d2061869417
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

Replace injectionPoint test with a timeout-less version that uses

- both a single-frame and a multi-frame page
- both main and isolated worlds
- cross-process navigation
- window.open
- profile-wide scripts

Task-number: QTBUG-66338
Change-Id: Ica4acb8ada4acc38aa5e1ca00e7512a2e69b785f
Reviewed-by: Michael Brüning <michael.bruning@qt.io>

As of version 63, Chromium creates proxy frames also for the main frame in the
frame tree during cross-process navigations. This leads to a segmentation fault
in WebChannelIPCTransport because we assume that all main frames are local.

See https://crrev.com/27caae83cb530daaf49f9a38793e427cdf493a65

 for details.

This patch refactors the renderer-side WebChannelIPCTransport from a
RenderViewObserver into a RenderFrameObserver, which prevents the segmentation
fault since the RenderFrameObserver is not created for proxy frames. Most likely
this would have to be done eventually anyway since the RenderView and
RenderViewObserver classes are deprecated and will likely be removed as part of
the Site Isolation project.

Installation is changed to follow Chromium's RenderFrameImpl in the sense of
performing the installation from RenderFrameObserver::DidClearWindowObject
instead of ContentRendererClient::RunScriptsAtDocumentStart. This has the
benefit of avoiding the ScriptForbiddenScope DCHECK.

Additionally there are the following minor changes:

  - The deprecated parameterless version of v8::Value::ToObject() method is
    replaced with v8::Value::IsObject() check and v8::Local::Cast.

  - The deprecated v8::Handle typedef is replaced with v8::Local.

  - The deprecated single-parameter WebContentsObserver::OnMessageReceived is
    replaced with the new two-parameter version.

  - blink::MainThreadIsolate() is used instead of v8::Isolate::GetCurrent() for
    Install/Uninstall since we know we are executing on the main thread.

  - WebChannelIPCTransportHost is changed to ignore messages from unexpected
    renderers in case something goes wrong with the renderers.

  - Logging is added to WebChannelIPCTransportHost for debugging purposes.

Some new unit tests are added, all of which fail with the old version.

Task-number: QTBUG-66333
Change-Id: I936d142fb042d9f936a3f9d08d4328ecba595f1f
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

The code was not correctly giving a function as argument to the
addEventHandler, and the whole logic was more complicated than it
needed to be.

Change-Id: I21e4e6bb6adf1071ae7eb2798d129224af8ef0fb
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>

Change-Id: I8e75d21853ac8f7681b20101e40597154bcaca2d
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

Change-Id: I536258e22c2ec143f2fd3f1cbda229e0611b6af4
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>

I added QSignalSpy::wait() in Qt 5.0 exactly for this purpose.

Change-Id: I895a92f5f7e4e8554e00f6668e6973cc2c903adf
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

The gin JavaScript binging gets destroyed on page reload
after all references to it disappear from the previous document.
Do like other gin wrapper and reinstall the transport binding on
DidCreateDocumentElement, following how it's done by the
MojoBindingsController.

Task-number: QTBUG-53411
Change-Id: Ibcd9ef9dbedc5762d4f2210fd81f68e5b9127680
Reviewed-by: Michael Brüning <michael.bruning@qt.io>

Make it possible to set a web-channel so that it can only be accessed
by private scripts.

Pulls in needed API extension in 3rdparty.

Task-number: QTBUG-50318
Change-Id: I61bcce5c318dffe0a406ee8cddf31f58a021c22c
Reviewed-by: Joerg Bornemann <joerg.bornemann@theqtcompany.com>

We exposed javascript worlds for user-scripts, this adds variants of
runJavaScript that can access those worlds.

Change-Id: I5a0b40b863b543cd364c902d0a84ae2c35e2a0b8
Reviewed-by: Joerg Bornemann <joerg.bornemann@theqtcompany.com>

Use QTRY_COMPARE instead of a hard-coded timeout.
Fix usage of setTimeout in DOMContentLoaded event listener.

Change-Id: I915ea0d2c54cf45be42803963d03b19c15135fd4
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>

Change the behavior of QWebEnginePage/WebEngineView
to print JavaScript console.warn and console.error messages
by default in a 'js' logging category. This matches also
the behavior for QtQml, where console messages end up in
a 'qml' logging category by default.

So far access to the JavaScript console required either use
of the remote debugging functionality, subclassing of
QWebEnginePage, or implementing a custom handler.
Anyhow, even then writing a seamless forwarding of
the data and metadata to the Qt message handler is
difficult. This patches implements this forwarding by
default.

The behavior can be changed by either setting up rules
for the 'js' category, e.g.

  setFilterRules("js.*=false");

or by implementing onJavaScriptConsoleMessage(),
or overriding QWebEnginePage::javaScriptConsoleMessage.

[ChangeLog] Unhandled JS console messages are now
forwarded to to the Qt message handler inside a 'js'
category.

Change-Id: I5480383a80dcf7a122496f9b7915264ef9036db3
Reviewed-by: Joerg Bornemann <joerg.bornemann@theqtcompany.com>

Avoid code duplication.

Change-Id: Icd270ff4e45112111b7eb9590e415947f63ce15b
Reviewed-by: Andras Becsi <andras.becsi@theqtcompany.com>

The MSVC doesn't support this type of string literal concatenation.

Change-Id: I051593a34c801df6c5264370ad751c45bbb41b5a
Reviewed-by: Pierre Rossi <pierre.rossi@theqtcompany.com>

Change-Id: Id29c1ed0b29114f426c35a45192a723d305c5b29
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>